Security

Study Guide

Security is one of the two largest domains on Core 2 at 28%. You need to know physical security measures, authentication methods (MFA, biometrics), wireless security protocols (WPA2, WPA3), encryption (BitLocker, EFS), malware types and prevention, social engineering attacks, and Windows security tools.

1. Physical Security

Physical security is the first line of defense. Measures include locks (padlocks, door locks, cable locks), badges and access cards, biometrics (fingerprint, retina scan), motion sensors, video surveillance (CCTV), and security guards. Clean desk policies and screen locks protect sensitive information.

Examples:

A cable lock secures a laptop to a desk to prevent theft
Biometric authentication is something you are — fingerprint or facial recognition
A clean desk policy means no sensitive documents are left unattended

2. Authentication and Access Control

Something you know (password/PIN), something you have (smart card/token), something you are (biometric). MFA (Multi-Factor Authentication) requires at least two factors. Principle of least privilege gives users only the access they need. ACLs (Access Control Lists) define permissions. Active Directory groups manage access.

Examples:

Using a password (something you know) plus a phone code (something you have) is MFA
A standard user account should not have admin rights — principle of least privilege
An ACL on a folder defines which users can read, write, or execute files in that folder
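To make the ACL and least-privilege points concrete, here is an added PowerShell walkthrough (it is not part of the study guide and uses placeholder names): it lists the access control entries on a folder, checks whether the current session carries an administrator token, and grants a group read-only rights rather than Modify or FullControl. The folder path and the group name DOMAIN\Finance-Readers are assumptions you would replace.

```powershell
# Added example, not from the study guide. Placeholder folder path: replace before running.
$folder = 'C:\Shares\Finance'

# Read the folder's ACL and show each ACE: who, which rights, allow/deny, inherited or explicit.
$acl = Get-Acl -Path $folder
$acl.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize

# Least-privilege check: does the account running this session hold the
# built-in Administrator role? A standard user should print False here.
$me        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($me)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
"Running as $($me.Name); admin token present: $isAdmin"

# Grant a group only what it needs: ReadAndExecute on the folder and everything
# beneath it (ContainerInherit + ObjectInherit), not Modify or FullControl.
# 'DOMAIN\Finance-Readers' is a placeholder group name.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'DOMAIN\Finance-Readers',
    'ReadAndExecute',
    'ContainerInherit, ObjectInherit',
    'None',
    'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl
```

Writing the ACL back with Set-Acl requires ownership of the folder or the WriteDAC right on it, so run the last step from an account that already administers the share; a standard user will see an access-denied error, which is the principle of least privilege working as intended.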

3. Encryption

BitLocker encrypts the entire Windows drive (it normally relies on the TPM to protect the key; a USB startup key is the alternative). EFS (Encrypting File System) encrypts individual files and folders. WPA3 is the latest wireless encryption standard. VPNs encrypt network traffic over public networks. TLS/SSL encrypts web traffic (HTTPS). Full disk encryption protects data if a device is stolen.

Examples:

BitLocker requires a TPM chip or USB key to unlock the encrypted drive
EFS encrypts files so only the owner can access them — even if someone copies the drive
WPA3 provides stronger encryption than WPA2 and is the current recommended standard
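The BitLocker-versus-EFS distinction is easier to remember once you have seen both states on a real machine. The following is an added PowerShell example, not from the study guide: it reports the BitLocker protection status and key protectors of the C: volume, checks whether a TPM is present and ready, then encrypts a single file with EFS and confirms the Encrypted attribute. It needs an elevated session with the BitLocker and TrustedPlatformModule modules (Windows 8 / Server 2012 or later); the file path is an assumption.

```powershell
# Added example, not from the study guide. Run elevated.

# Full-disk encryption: BitLocker status of the OS volume. ProtectionStatus is On only
# when encryption is complete AND a key protector is active. KeyProtectorType shows what
# unlocks the drive: Tpm, TpmPin, ExternalKey (USB startup key), RecoveryPassword, ...
$vol = Get-BitLockerVolume -MountPoint 'C:'
"Volume {0}: protection {1}, {2}% encrypted, method {3}" -f `
    $vol.MountPoint, $vol.ProtectionStatus, $vol.EncryptionPercentage, $vol.EncryptionMethod
$vol.KeyProtector | Select-Object KeyProtectorType, KeyProtectorId | Format-Table -AutoSize

# Is there a TPM for BitLocker to use? If TpmPresent is False the drive can still be
# protected, but only with a USB startup key or password via Group Policy.
Get-Tpm | Select-Object TpmPresent, TpmReady

# File-level encryption: EFS protects one file for the current user only.
# Placeholder path: replace before running.
$file = 'C:\Users\alice\Documents\payroll.xlsx'
cipher /e /a $file                                   # /a applies the operation to a file, not a directory

# Two ways to confirm: the Encrypted file attribute, and cipher's own listing
# (E = encrypted, U = unencrypted).
$isEfs = [bool]((Get-Item $file).Attributes -band [IO.FileAttributes]::Encrypted)
"EFS encrypted: $isEfs"
cipher /c $file
```

Note the difference the two checks expose: BitLocker status is per volume and is unlocked once at boot for every user of the machine, while the EFS attribute is per file and the content is readable only with the encrypting user's certificate, which is why a copied drive does not help an attacker who lacks that user's key.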

4. Malware

Viruses attach to files and spread when executed. Worms self-replicate across networks. Ransomware encrypts files and demands payment. Trojans disguise themselves as legitimate software. Rootkits hide deep in the OS. Keyloggers capture keystrokes. Spyware collects information without consent. Adware displays unwanted ads.

Examples:

A user opens an email attachment and their files get encrypted — this is ransomware
A worm spreads automatically through network shares without user interaction
A rootkit hides its presence by modifying the OS kernel — difficult to detect and remove

5. Social Engineering

Social engineering attacks exploit human psychology. Phishing sends fake emails to steal credentials. Whaling targets executives. Vishing uses voice calls. Smishing uses SMS. Tailgating follows someone through a secure door. Baiting leaves infected USB drives for victims to find. Pretexting creates a fake scenario to extract information.

Examples:

An email from 'IT support' asking you to reset your password is phishing
Someone following you through a badge-protected door is tailgating
An infected USB drive left in the parking lot is baiting

Test-Taking Tips

MFA requires at least two different authentication factors — know the three types.
BitLocker encrypts the whole drive; EFS encrypts individual files — know the difference.
WPA3 is the current best practice for wireless security. WPA2 is still acceptable but aging.
Social engineering attacks target people, not technology — awareness is the best defense.